What is cryptography in cyber security?

Cyber security professionals viewing a digital padlock and encrypted data on a computer screen.
Cyber security professionals viewing a digital padlock and encrypted data on a computer screen.
UNSW Online Study

You might not know what cryptography is, but chances are you use it every day.

Cryptography shields sensitive information and messages from unauthorised access. It protects data and enables secure use of online systems.

Cryptography also plays a vital role in everyday applications, powering online banking, e-commerce, digital government systems, messaging apps, social media and identity verification.

Cryptography is emerging as a highly sought-after specialisation within the thriving and lucrative field of cyber security, a discipline that touches nearly every aspect of modern life. In Australia, the cyber security industry is experiencing rapid growth and is projected to exceed $8 billion in value by 2030.

So, what exactly is cryptography and why is it relevant to you?

What is cryptography?

You can understand the basics of cryptography by looking at the word's meaning. A “crypt” is a vault or a hidden and difficult-to-access chamber, while the suffix “ography” usually refers to the study or science of something.

In cyber security, cryptography involves using tools and methods to protect data and information from being seen, used or manipulated by people or organisations who shouldn’t have access to it.

Cryptography has many key purposes, including:

  • confidentiality – making information unreadable to those without authorised access
  • data integrity – protecting data from intentional or accidental manipulation
  • authentication – ensuring that a person or entity is who they say they are
  • non-repudiation – proving that a specific person or entity performed an action
  • availability – ensuring that authorised users can reliably access data and information.

What is cryptography in cyber security?

Cryptography is an important tool in cyber security that uses various methods to encrypt information or data by converting it into code. There are two aspects to this:

  • encryption – converting information into code known as “ciphertext” that can’t be read by unauthorised users
  • decryption – converting code back into readable information known as “plaintext” for those with authorised access.

Cryptography is commonly used to protect data and information in two different states. The first is at rest, which is for stored data kept in data centres, servers, storage devices, cloud services, media, networks and other storage systems. The second is for data in transit, which applies when it’s being transmitted via public or private networks, communications infrastructure and messaging systems.

By shielding data and information from unauthorised access, cryptography provides numerous important benefits in cyber security, including:

  • reducing the chance of access by malicious actors
  • providing data security via an important layer of protection against harmful use, such as manipulation, breaches, leaks and cyber threats
  • added safety in cases of errors or adverse events, such as loss or theft of a storage device containing sensitive data
  • decreasing security requirements for handling, storage and transmission of data
  • enabling organisations to comply with relevant legislation, such as the Australian Privacy Act and Health Records Act, that require protection of data to avoid penalties
  • helping organisations meet best practice industry guidelines and standards, such as relevant controls and international standards promoted by the Australian Signals Directorate (ASD).

Real-world applications of cryptography

Cryptography is essential for securing online activities and protecting data across various industries, including finance, commerce, healthcare, government services and defence.

It underpins the operations of diverse organisations such as banks, government agencies, military and defence bodies, research institutions, insurance companies, and large corporations. By ensuring the confidentiality and integrity of information, cryptography plays a critical role in enabling these sectors to function securely and effectively.

Let’s take a look at some everyday applications of cryptography:

  • password protection – obscuring stored passwords via encryption to avoid hacking
  • identity verification – using encryption to validate information and prevent forgery, such as in digital signatures
  • secure messaging apps – use end-to-end encryption to ensure only senders and receivers can read content
  • data protection – encrypting private information such as payment and customer details, research results, confidential reports and health data
  • secure web browsing – protecting communication between web browsers and servers to prevent interception of sensitive data such as credit card and internet banking details (for example, the HTTPS protocol)
  • email encryption – protecting the confidentiality of content such as sensitive work emails
  • secure file transfers – preventing hacking and leaks for data in transit via encryption and decryption of files
  • virtual private networks (VPNs) – uses encryption to mask Internet Protocol (IP) address and location, facilitating online privacy and preventing surveillance.

These applications play a crucial role in various digital systems that are essential to our daily lives, both personally and professionally, including:

  • online banking
  • e-commerce websites
  • digital payment systems
  • messaging apps such as WhatsApp and Facebook Messenger
  • cloud storage
  • online government systems such as myGov, Medicare, Centrelink, My Health Record and the Australian Taxation Office (ATO)
  • workplace privacy and confidentiality procedures, such as for data storage, emails and online meetings
  • cryptocurrency transactions.

Types of cryptography

Modern cryptography relies on three primary types of encryption: symmetric cryptography, asymmetric cryptography and hash functions. Additionally, hybrid systems exist, blending elements from these categories to enhance security and functionality.

Each type of encryption secures information using different methods of moving data back and forth between plaintext and ciphertext formats. The main tools used in these methods are algorithms and keys, which are the foundation for securing data in cryptography.

Cryptographic algorithms are mathematical formulas that make up a set of instructions for encryption and decryption. Think of an algorithm as a list of instructions for putting together and taking apart a “ready-to-assemble” piece of flat-packed furniture. The three categories of encryption – symmetric, asymmetric and hash functions – each rely on distinct algorithms, with examples outlined below.

Cryptographic keys, on the other hand, are like secret deciphering codes. A key is a piece of information that’s basically a string of binary digits (either 0 or 1), which are also called bits. Think of a key as the specific tool that comes with your piece of furniture to enable you to assemble and disassemble it. The length and complexity of a key determine its strength and security.

Symmetric cryptography

Symmetric cryptography uses the same secret key for encryption and decryption. For example, when sharing confidential financial data, both the sender and receiver use the same key.

The benefits of this system include that it’s fast and efficient, which makes it suitable for large amounts of data and situations in which resources are limited. Confidentiality is also assured by the fact that only people with the key can decrypt the information.

The main disadvantage is the difficulty of ensuring safe key exchange between different parties, which can lead to security breaches.

Asymmetric cryptography

Asymmetric cryptography, also known as public key cryptography, uses two different keys – a public key for encryption and both the public key plus another private key for decryption. For example, the sender of an email or digital signature can encrypt it with a public key, but the recipient needs the public key and an additional private key for decryption.

The benefits of this system include enhanced security, as the recipient’s private key is never shared. This makes it extremely effective in preventing data breaches and suitable for secure communication. It also enables the sharing of sensitive information via insecure channels, as only the intended recipient can access the private key for decryption.

The major disadvantage is a slower and more resource-intensive process, which can be extremely expensive.

Hash Functions 

Hash functions are a different type of cryptography that don’t involve encryption and decryption. Rather, hashing is a one-way process by which input data is irreversibly converted into a unique code or digital “fingerprint” (called a hash value) via an algorithm (hash function).

A simple example is a transaction ID – a code of numbers or text that’s provided to a customer following an online payment, which the customer records to verify the transaction. This ID is generated via a hash function from input data, such as amount spent, sending and receiving addresses and timestamp. The ID cannot be decoded to obtain the original input data and even a minor change to the input (such as a different time) generates a new ID.

Important characteristics of hash functions in cryptography include:

  • it’s virtually impossible to reverse-code the hash value to reproduce the original data
  • every hash value is unique (the same input data produces the same hash value, but even a small change in input produces a different hash value)
  • hash functions must be fast-working and secure.

Hash functions play a crucial role beyond verifying online payments. They ensure data integrity and enable the secure, unalterable recording and linking of transactions within blockchains, such as those used in cryptocurrency systems.

Common cryptographic algorithms

Cryptography encompasses a diverse array of algorithms, each designed to serve different purposes. Notable examples include:

  • AES (Advanced Encryption Standard) is a symmetric encryption algorithm that uses the same key for encryption and decryption. It’s a block cipher, meaning it encrypts data in fixed-size blocks of specific bit numbers. AES is a gold standard in encryption, valued for its speed, reliability, efficiency and robust defence against attacks – primarily thanks to its use of long encryption keys. It’s the only ASD-approved symmetric algorithm for Australian use.
  • RSA (Rivest-Shamir-Adleman) is an asymmetric encryption algorithm that generates two keys, both public and private, for encryption and decryption. It’s based on the maths principle that factoring large numbers is difficult and specific factors are concealed within the private key. RSA is also ASD-approved and is widely used as a robust and secure method to ensure confidentiality and authenticity.
  • DES (Data Encryption Standard) is a largely obsolete symmetric block cipher. It was once commonly used but is now recognised as being vulnerable to attacks due to its relatively short key length. DES has been replaced by stronger algorithms such as AES. 

The importance of cryptography in the evolving cyber security landscape

Cyber threats are a growing concern, with Australians reporting a cybercrime every six minutes. This reflects a globally evolving cybercrime scene with worldwide costs of over US$9 trillion annually.

The Australian Signals Directorate (ASD) 2023-24 Annual Cyber Threat Report shows a range of worrying trends that underscore the importance of cyber security and cryptography in Australia, including:

  • critical systems are vulnerable to cybercrime disruptions, including energy, transport, communications, data storage, government systems and businesses
  • malign actors are constantly improving their cybercrime capabilities via advances in technology, knowledge and AI
  • cyber criminals are using our systems for espionage, spreading disinformation, interference, coercion, extortion and positioning for future attacks
  • state-sponsored cyber criminals are persistently targeting our systems.

Managing this requires investing in intelligence and systems, fostering international partnerships, and, most importantly, building a skilled, agile and capable cyber security workforce. This effort must include cryptography experts, who play a vital role in protecting our nation against the growing threats of cybercrime.

The benefits of a career in cryptography

The career outlook for cryptographers in Australia is excellent. Professionals in this field can work across a wide range of roles in both government and corporate organisations. There are also opportunities in research, given the need for constant evolution and innovation in the face of emerging threats. 

Current estimates indicate that 5,000 new cyber security workers, including cryptographers, are needed annually to avoid a massive national shortfall by 2030.

Cryptographers also earn strong six-figure salaries, averaging over $177,000 per year.

Supercharge your career and dive into the world of cyber security

UNSW Online’s Master of Cyber Security is designed for ambitious professionals aiming to build in-demand knowledge and skills in cryptography and broader cyber security areas.

Developed in collaboration with industry experts in both defence and engineering, the program opens up lucrative career opportunities in leadership and technical roles.

UNSW Online offers unparalleled flexibility with 100% online study, intakes throughout the year and specialised tracks that broaden your career options. For those seeking a pathway into the master’s degree or shorter study options, UNSW Online also offers a Graduate Diploma in Cyber Security and a Graduate Certificate in Cyber Security.

Join our community of innovators and protect against cybercrime. Get in touch with our Student Enrolment Advisors at 1300 974 990 to discover more about the Master of Cyber Security from UNSW Online and how you can build a rewarding future in this vital field.